Thank very much Jose!
The disabling of the php-scripts in the .conf works! Fine, half of the problem is solved!
BUT, I am not quite sure if people are not able to reenable it by a .htaccess file.
I just made a try of this: I made an entry in the .conf:
<Directory "d:/...">
php_admin_value engine Off
</Directory>
php_admin_value engine Off
</Directory>
=> ok workes fine, the php is not processed, it comes as source code
Then I put a .htaccess file into d:/... into which I wrote:
php_admin_value engine On
=> apache delivered me a 500 error.
Therefore, does anyone know:
a) has the apache server already a mechanism to block the switching on of the php engine in .htaccess files GENERALLY? (switching off works!)
b) Better - in order to be 200% sure - is there a possibility like "AllowOverride" e.g. to disable the switching on/off of the php engine in .htaccess files?
Sincerely
Klaus
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.orgJose R R < jose....@metztli.com> hat am 8. Juni 2020 um 00:14 geschrieben:
Niltze [Hello], Klaus-
On Sun, Jun 7, 2020 at 12:12 PM Klaus Neudecker< klaus.neudec...@ndckr.de> wrote:>Hello,I have my Apache main directory: /www (<Directory /www> /DocumentRoot /www)In this directory and its subdirectories *.php files get executed by php.In the subdirectory /www/publications (and recoursly in itssubdirectories) I allow people (relatively trustworthy!) on thefilesystem to drop publications, documentations e.g. which arereferenced by a database as path+filename to the files. php thenproduces with this database information www-pages with html-links tothese files.If people drop *.php files as documentation for the source code(!) in/www/publications these *.php scripts get executed, too. Dangerously(!)and no documentation for the source code.Therefore I want that no *.php files get executed within/www/publications . It should be stupidely delivered like a *.html file.I already managed this by a .htaccess file with the entry "php_flagengine off".But the .htaccess file could be deleted or .htaccess files with"php_flag engine on" could get put in another subdirectory. :-(Therefore:a) I want to put the "php_flag engine off" in the apache2.conf.You may want to adapt this example to your main httpd.conf
>b) Add an "AllowOverride" in this apache2.conf that allowes ONLY noswitching OF THE "PHP_FLAG ENGINE OFF" in this directory or anysubdirectory. (But I have to be able to use a .htaccess in thesedirectories with e.g. "Options +Indexes"!)Does anyone of you have an idea how to implement this in the apache2.conf?SincerelyKlaus>---------------------------------------------------------------------To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Best Professional Regards.
--Jose R R---------------------------------------------------------------------------------------------Download Metztli Reiser4: Debian Buster w/ Linux 5.5.19 AMD64---------------------------------------------------------------------------------------------feats ZSTD compression https://sf.net/projects/metztli-reiser4/
-------------------------------------------------------------------------------------------Official current Reiser4 resources: https://reiser4.wiki.kernel.org/
---------------------------------------------------------------------To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org